"Kia Motors Hit With $20M Ransomware Attack – Report"

Kia Motors America has publicly acknowledged an extended system outage but had denied that it was affected by a ransomware attack. Kia stated that “At this time, we can confirm that we have no evidence that Kia or any Kia data is subject to a ‘ransomware’ attack.” Ransomware gang DoppelPymer claimed it was responsible for the outage and that they locked down the company’s files in a cyberattack that includes a $20 million ransom demand.  That $20 million will gain Kia a decryptor and guarantee not to publish sensitive data bits on the gang’s leak site.  The ransom note from DoppelPaymer stated that the attack was on Hyundai Motor America, the parent company of Kia Motors America, based in Irvine, Calif. It went on to say that the company has two to three weeks to pay up 404 Bitcoins.  The threat actors warn that a delay in payment could result in the ransom being raised to $30 million to add a sense of urgency.  The outage affected Kia’s mobile apps like Kia Access with UVO Link, UVO eServices, Kia Connect, self-help portals, and customer support.  Beyond disrupting critical operations, ransomware threat actors have learned how to add pressure to companies, threatening that their most sensitive stolen data could be exposed on well-known leak sites if they don’t pay up fast. This tactic is known as double-extortion.  DoppelPaymer ransomware cripples the organization’s ability to conduct business and extracts sensitive data that is used for leverage against the victim to get them to pay the ransom.  DoppelPaymer, like most other ransomware strains, is generally spread through phishing emails, so researchers suggest that organizations should ensure employees are trained to spot and report any suspicious emails.

Threatpost reports: "Kia Motors Hit With $20M Ransomware Attack – Report"